Item Search
     
BG-Wiki Search
Page 9 of 47 FirstFirst ... 7 8 9 10 11 19 ... LastLast
Results 161 to 180 of 931
  1. #161
    Cerberus
    Join Date
    Mar 2005
    Posts
    395
    BG Level
    4
    FFXI Server
    Leviathan

    theres one way to protect against this if SE would implement it, but it puts more hassle on us to login and would be too hard for idiots.

    User pushes button, gets 6 digit code.

    However, use only types in the first 4 digits and memorizes first 2.
    SE then receives code, Performs some hashing, and sends back a 2 digit #
    User is prompted for a 2nd code, which you then push the button for a 2nd code and prepend with the last 2 of the first code and append the 2 SE supplied back.

    This would be unhackable, but will be a little tedious to login.

  2. #162
    Puppetmaster
    Join Date
    Jun 2007
    Posts
    59
    BG Level
    2

    Quote Originally Posted by Aikar View Post
    You guys need to think before you post I knew about this the entire time as a possibility but never said anything so it wouldnt give the RMT any ideas.

    RMT prolly saw who ever mentioned it and then implemented it.
    Um... no.

    The thought of something as complicated and malicious as imbedding keyloggers into scripts didnt come from people on forums mentioning it as a possible risk. People get paid to think up this stuff for companies, yes even the questionable ones do research.

    Anyone with half a brain and some knowledge in computers knows that the codekeys are only as secure as the people that program them. The fact that the keys are good for 30min at a time shows you just how flawed they are as a security device. Most REAL secure tokens have codes that expire within 20-30 seconds and require a secondary password to get into anything remotely secured.

    I guess I'm tired of the logic "If you tell them it can be hacked, then they'll hack it!"

    It falls in the same category as the repubs wanting to hide the torture memos and whatnot because then the "terrorists" will know we tortured them. It just doesn't make sense.

  3. #163
    Sea Torques
    Join Date
    Oct 2006
    Posts
    731
    BG Level
    5

    Quote Originally Posted by Aikar View Post
    theres one way to protect against this if SE would implement it, but it puts more hassle on us to login and would be too hard for idiots.

    User pushes button, gets 6 digit code.

    However, use only types in the first 4 digits and memorizes first 2.
    SE then receives code, Performs some hashing, and sends back a 2 digit #
    User is prompted for a 2nd code, which you then push the button for a 2nd code and prepend with the last 2 of the first code and append the 2 SE supplied back.

    This would be unhackable, but will be a little tedious to login.
    Unless they do have session hijacking (although I don't think they do).

  4. #164
    D. Ring
    Join Date
    Feb 2007
    Posts
    4,736
    BG Level
    7
    FFXI Server
    Quetzalcoatl

    All this hijacking talk is making me want to turn everything i own into an augment...

  5. #165
    New Spam Forum
    Join Date
    Nov 2006
    Posts
    161
    BG Level
    3

    Actually, most keyloggers not only log key strokes, but they also log what's going on screen as well. This means that not even random virtual keyboard is secure in inputting passwords.

    The only real way to protect passwords from keyloggers is to format the computer every month or so, and then never surf the web. Ever.

  6. #166
    Melee Summoner
    Join Date
    Jun 2009
    Posts
    29
    BG Level
    1
    FFXI Server
    Quetzalcoatl

    Quote Originally Posted by TMG View Post
    .... This happened to somebody in my linkshell Thursday night as well.

    He was up in Sky farming Diorite, crashed, had problems logging back in. Was finally able to log back in after numerous attempts and he was naked in Sandy, stripped of gil and items. Has a security token, some people thought he was making it up because it wasn't supposed to be possible.

    This was on Seraph by the way, was sometime around 1 AM EDT. He is getting the account rolled back thankfully. Not sure if he uses IE or what, but does play on PC.
    my account was hacked lastnight around 1am pst. very similar, i have my sec token. my POL crashed, then i had problems logging back in. Its a strange crash without error messages, my windower is just closed down. I tried logging in a few times, i get network error, though i can still go to google.com. I gave up and went to sleep instead, thought maybe server problem. I was in cape terregan.

    the hacker used my warp crudgel, and must have air shipped back to lower jueno cause my HP was in Kazham.

    I logged backin this morning standing in lower jueno, account totally stripped down of anything good. lost around 15mil total in gear/gils.

  7. #167
    Aselin
    Guest

    Quote Originally Posted by LogainDiabolos View Post
    Um... no.

    The thought of something as complicated and malicious as imbedding keyloggers into scripts didnt come from people on forums mentioning it as a possible risk. People get paid to think up this stuff for companies, yes even the questionable ones do research.

    Anyone with half a brain and some knowledge in computers knows that the codekeys are only as secure as the people that program them. The fact that the keys are good for 30min at a time shows you just how flawed they are as a security device. Most REAL secure tokens have codes that expire within 20-30 seconds and require a secondary password to get into anything remotely secured.

    I guess I'm tired of the logic "If you tell them it can be hacked, then they'll hack it!"

    It falls in the same category as the repubs wanting to hide the torture memos and whatnot because then the "terrorists" will know we tortured them. It just doesn't make sense.
    Seeing that there is more than one player having been targeted, this leads me to believe that this isn't the work of some RMT in China living in squalid conditions working 12 hour rotations.

    The sophistication of these exploits suggest that this is the work of someone who knows how to make these programs and how to implement it. They have knowledge how the security token works and how the network works, as well as how and where to bypass the real user when logging on their character. I'm sure Aikar above can give a much more detailed explanation than I can.

    The RMT companies seem to be either hiring professional or knowledgeable programmers and have moved up from merely using Javascript, Flash and iFrame exploits in the past. I'm calling this a rootkit as it's much more sophisticated than some keylogger that's probably less than 50 or 100 kiB in size.

    The method of entry, given those who were hacked, came from the use of Internet Explorer and/or an unprotected computer.

    The steps that followed are probably the same as what a few others have suggested before I made my post:
    1. Javascript or iFrame loading a small program onto the PC. This is hidden within an RMT banner ad seeing many are not just Flash ads but also iFrames that may carry other scripts with it.

    2. That small program installs what is possibly a rootkit which will remain hidden to the user and undetected. It's not just merely a keylogger, or isn't a keylogger.

    3. Rootkit monitors the user, the network and the PlayOnline process in memory. It also sends the attacker the IP address of the player.
    The next part is done simultaneously between the player and the attacker:
    Spoiler: show
    Rootkit sends IP address to attacker to connect to the player's computer.

    Attacker establishes a connection between his/her computer and the player's. The rootkit then blocks PlayOnline Viewer from connecting to the server. It also forceably disconnects the player via crashing Playonline (hence rootkit) and/or interrupting the connection between POL and the server.

    Player disconnects suddenly and reopens PlayOnline Viewer to log back on.

    If Player doesn't save his POL ID+Password, then the following happens:
    Player enters PlayOnline ID + Password, security username, security password, and one-time password.

    Rootkit monitors keystrokes for POL ID; monitors memory for which keys were pressed for software keyboard; and monitors keystrokes for one-time password.

    As soon as player sends that information over, the rootkit is already sending or has sent that information to the attacker. With PlayOnline being blocked by the rogue program, player is unable to connect and the attacker is/has already logging/logged on the account at this point.


    If you have been attacked and hacked, it is highly advisable to scan for a rootkit stored on computer. Anti-malware, anti-virus and anti-spyware software may not pick it up unless they're programmed for it. Paid versions of AVG will detect it; Comodo Internet Security as well; Avira Free Anti-vir will detect it as well. Norton should be able to detect it as well. Outside of those, I am not too familiar with other anti-virus/malware/spyware programs.

    You can also use a standalone scanner:
    SysInternals RootkitRevealer from Microsoft
    RootkitRevealer

    (This doesn't remove it. It is only a detection tool.)

    Sophos Anti-rootkit detection and removal tool
    Sophos Anti-Rootkit - Free rootkit detection and removal

    Avira Anti-rootkit Tool
    http://dlpro.antivir.com/down/window...ir_rootkit.zip
    If you find any, post what that rootkit is on this forum. That way it's possible to find more about it and/or report it. And, thus find ways to prevent it from happening again.

    Again, using Firefox with NoScript/AdBlock or using IE7/IE8 with IE7 Pro installed should help reduce these attacks. A software firewall like Comodo Internet Security or ZoneAlarm Firewall, though as complex as it may be, might provide more protection than Windows' own Firewall. And, keeping an anti-malware and anti-spyware program on your computer as well as being continuously up-to-date will help in the long run.

    (Also, if you feel the theory on how the player's computer was attacked mentioned above is a security risk, feel free to edit it.)

  8. #168
    Smells like Onions
    Join Date
    Jan 2008
    Posts
    8
    BG Level
    0

    This has happened to my account 2 times now. Both times were roughly about the same time and day, Sunday 1:30am-2:30am pst. Last weekend I was able to log back on in time to only lose some inexpensive gear and a little gil. This weekend, I was unable to get logged back on in time to stop them from pretty much stripping my account of all gil/sellables. I will be doing a rollback this time around since they stripped my account. Both times I was "hacked" my window just closed. I didn't get any errors or any strange messages. It just seemed to close on it's own. On both "hacks", as soon as my window shut off, I ran 2 different scans and my computer turned up clean, nothing found. None of my passwords where changed. Also, I was logged in for a few hours prior to the "hacks" happening. I have also un-installed then re-installed FFXI after the first time to see if it was something in the programing.

    I use Firefox + non-script + Norton + spybot-search and destroy + Windows Firewall + Token. No one but myself knows the PW or any info on the account. I never "type" my PW in, I always use the on-screen keyboard and "click" it in with my mouse. I don't use 3rd party tools. The only sites I go to that pertain to FFXI is wikki and ffxiah.com and I don't visit any sites that are "off-color". I also run a virus scan every time my computer starts up. After the second "hack" I used a program called Hijackthis from housecall.trendmicro.com and there was nothing wrong the registry or file settings. My remote access is always turned off.

  9. #169
    Fishing Guru
    Join Date
    Jan 2007
    Posts
    4,722
    BG Level
    7

    Quote Originally Posted by Frogger View Post
    This has happened to my account 2 times now. Both times were roughly about the same time and day, Sunday 1:30am-2:30am pst. Last weekend I was able to log back on in time to only lose some inexpensive gear and a little gil. This weekend, I was unable to get logged back on in time to stop them from pretty much stripping my account of all gil/sellables. I will be doing a rollback this time around since they stripped my account. Both times I was "hacked" my window just closed. I didn't get any errors or any strange messages. It just seemed to close on it's own. On both "hacks", as soon as my window shut off, I ran 2 different scans and my computer turned up clean, nothing found. None of my passwords where changed. Also, I was logged in for a few hours prior to the "hacks" happening. I have also un-installed then re-installed FFXI after the first time to see if it was something in the programing.

    I use Firefox + non-script + Norton + spybot-search and destroy + Windows Firewall + Token. No one but myself knows the PW or any info on the account. I never "type" my PW in, I always use the on-screen keyboard and "click" it in with my mouse. I don't use 3rd party tools. The only sites I go to that pertain to FFXI is wikki and ffxiah.com and I don't visit any sites that are "off-color". I also run a virus scan every time my computer starts up. After the second "hack" I used a program called Hijackthis from housecall.trendmicro.com and there was nothing wrong the registry or file settings. My remote access is always turned off.
    Damn man, I'd be weary to log back in once the account is rolled back until you determine what caused it.

  10. #170
    The 69th Donor
    Pens win! Pens Win!!! PENS WIN!!!!!

    Join Date
    Mar 2008
    Posts
    15,071
    BG Level
    9
    WoW Realm
    Kil'jaeden

    So since these people have tokens now is SE going to be douchebags and claim that no one could have possibly gotten hacked and refuse to restore accounts?

    Who doesn't see that being a possibility?

  11. #171
    Relic Shield
    Join Date
    Apr 2009
    Posts
    1,514
    BG Level
    6

    Quote Originally Posted by Aksannyi View Post
    So since these people have tokens now is SE going to be douchebags and claim that no one could have possibly gotten hacked and refuse to restore accounts?

    Who doesn't see that being a possibility?
    SE stated already that the token is not 100% secure and not to consider it that. This info is in the FAQ on the SEAMS site as well as POL FAQ.

    Maybe the EGS admin who posted recently in player warnings forum here can let people here know if they have had any increase in gil sales or new applicants selling gil lately. Perhaps even some one who broke their pattern with gil sales and suddenly has a assload available.

  12. #172
    A. Body
    Join Date
    Jul 2008
    Posts
    4,046
    BG Level
    7
    FFXI Server
    Caitsith

    Quote Originally Posted by Aksannyi View Post
    So since these people have tokens now is SE going to be douchebags and claim that no one could have possibly gotten hacked and refuse to restore accounts?

    Who doesn't see that being a possibility?
    Quite honestly the blame should be falling onto Vasco, especially since it's happening on WoW as well so as much as people would like to bash SE for this, they actually did do their best by implementing their security system and for awhile people (who were smart) weren't getting touched for quite awhile.

    In theory no you can't be hacked with a token, especially by joe blow RMT, this is definitely the work of someone outside of the RMT realm.

    It all boils down to:

    If someone wants your shit, they will get your shit no matter what period.

  13. #173
    The 69th Donor
    Pens win! Pens Win!!! PENS WIN!!!!!

    Join Date
    Mar 2008
    Posts
    15,071
    BG Level
    9
    WoW Realm
    Kil'jaeden

    I'm just saying that I wouldn't put it past SE to fuck people like that.

  14. #174
    D. Ring
    Join Date
    Feb 2007
    Posts
    4,736
    BG Level
    7
    FFXI Server
    Quetzalcoatl

    Uh... windows firewall just blocked pol while im in the middle of playing ffxi(no dc. im still online). is that normal for vista to do something so retarded or is it possibly something else.
    nvm. just dced as i was typing this.

  15. #175
    Puppetmaster
    Join Date
    Feb 2008
    Posts
    61
    BG Level
    2
    FFXI Server
    Ragnarok

    Quote Originally Posted by Khajit View Post
    Uh... windows firewall just blocked pol while im in the middle of playing ffxi(no dc. im still online). is that normal for vista to do something so retarded or is it possibly something else.
    nvm. just dced as i was typing this.
    UT OH

    this is actually a pyramid scheme run by candlejack.
    right when you think you are safe he comes and

  16. #176
    Smells like Onions
    Join Date
    Jul 2009
    Posts
    9
    BG Level
    0
    FFXI Server
    Cerberus

    Slashdot just posted about something similiar, unrelated to FFXI. Refers to a NY Times article.

    The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."

  17. #177
    Cerberus
    Join Date
    Mar 2005
    Posts
    395
    BG Level
    4
    FFXI Server
    Leviathan

    Quote Originally Posted by Gere View Post
    Unless they do have session hijacking (although I don't think they do).
    SE Uses SSL connections for POL.

    If RMT have broken SSL encryption, FFXI accounts is the last thing on their list to profit off.

  18. #178
    Banned.

    Join Date
    Sep 2007
    Posts
    92
    BG Level
    2
    FFXI Server
    Sylph

    Just found this linked on slashdot...don't know if it has been mentioned yet but I didn't see it so here ya go:

    How Hackers Snatch Real-Time Security ID Numbers - Bits Blog - NYTimes.com

    Basically says there are now realtime keyloggers...your token is useless.

  19. #179
    The 69th Donor
    Pens win! Pens Win!!! PENS WIN!!!!!

    Join Date
    Mar 2008
    Posts
    15,071
    BG Level
    9
    WoW Realm
    Kil'jaeden

    Two posts up, dude.

  20. #180
    Banned.

    Join Date
    Sep 2007
    Posts
    92
    BG Level
    2
    FFXI Server
    Sylph

    lol so it was. Thought he was just quoting someone so I didn't read that part.

Page 9 of 47 FirstFirst ... 7 8 9 10 11 19 ... LastLast

Similar Threads

  1. What in the fuck is going on with Ancient Currency prices?
    By Avarice in forum FFXI: Everything
    Replies: 22
    Last Post: 2009-01-12, 05:21
  2. Ok what the hell is up with Roc?
    By S N K in forum FFXI: Everything
    Replies: 49
    Last Post: 2008-06-28, 21:00
  3. Oldschool players with JP Accounts & The new Expansion
    By Lyramion in forum FFXI: Everything
    Replies: 39
    Last Post: 2007-11-24, 01:31